Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   ASP .Net (http://www.velocityreviews.com/forums/f29-asp-net.html)
-   -   Can't get Set-Cookie headers after posting to Forms Auth. login page (http://www.velocityreviews.com/forums/t76621-cant-get-set-cookie-headers-after-posting-to-forms-auth-login-page.html)

=?Utf-8?B?SWdneSBFdmFucw==?= 04-24-2004 08:41 AM

Can't get Set-Cookie headers after posting to Forms Auth. login page
 

Hi

My app is trying to login to an ASP.NET site that uses Forms authentication. I am trying to do in my app (what was previously posted in a newsgroup) the same that a browser does
3) The browser requests the login page specified
4) The server responds with the login pag
5) The user fills in the login page and submits the form, so the browser POSTs the form back to the login pag
6) If the credentials are valid, the server responds with another "302 Page Moved" status, a Location header pointing to protected.aspx, and a Set-Cookie header providing the encrypted Forms Authentication Ticket

I build a Post request to login.aspx and use HttpWebRequest to send it. I use HttpWebResponse to get the response

I have sent the proper login & password & VIEWSTATE info and all that stuff. In a sniffer trace, the response is a "HTTP/1.1 302 Found" with 3 Set-Cookie Headers. The web site redirects me to default.aspx; the trace shows my side (IIS?) sending a GET request for default.aspx, and that's what my app gets in my HttpWebResponse object. The problem is that I don't get logged in because this automatic GET request (below my app somewhere) doesn't get the cookies from the "302 Found" response and send it with the request; I know this because I run the trace and do the same steps from a browser, and in that session, the cookies get passed properly in the 'GET default.aspx' request

The HttpWebResponse object has a ContinueDelegate property, where I can provide a delegate method that's called when a HTTP 100 Continue response is received, but nothing for a "302 Found" response

Any ideas how to solve this? This is a show-stopper for me. I have a standard setup: VS.NET 2003 on XP Pro with IE 6.0 SP1

Thanks in advance
Iggy Evans

Joerg Jooss 04-24-2004 10:26 AM

Re: Can't get Set-Cookie headers after posting to Forms Auth. login page
 
Iggy Evans wrote:
> Hi,
>
> My app is trying to login to an ASP.NET site that uses Forms
> authentication. I am trying to do in my app (what was previously
> posted in a newsgroup) the same that a browser does: 3) The browser
> requests the login page specified. 4) The server responds with the
> login page 5) The user fills in the login page and submits the form,
> so the browser POSTs the form back to the login page 6) If the
> credentials are valid, the server responds with another "302 Page
> Moved" status, a Location header pointing to protected.aspx, and a
> Set-Cookie header providing the encrypted Forms Authentication
> Ticket.
>
> I build a Post request to login.aspx and use HttpWebRequest to send
> it. I use HttpWebResponse to get the response.
>
> I have sent the proper login & password & VIEWSTATE info and all that
> stuff. In a sniffer trace, the response is a "HTTP/1.1 302 Found"
> with 3 Set-Cookie Headers. The web site redirects me to default.aspx;
> the trace shows my side (IIS?) sending a GET request for
> default.aspx, and that's what my app gets in my HttpWebResponse
> object. The problem is that I don't get logged in because this
> automatic GET request (below my app somewhere) doesn't get the
> cookies from the "302 Found" response and send it with the request; I
> know this because I run the trace and do the same steps from a
> browser, and in that session, the cookies get passed properly in the
> 'GET default.aspx' request.


The most simple explanation is that you didn't set a CookiContainer in your
HttpWebRequest. If you don't, the framework won't process cookies and
they're all lost.

Cheers,
--
Joerg Jooss
joerg.jooss@gmx.net




=?Utf-8?B?SWdneSBFdmFucw==?= 04-25-2004 10:16 AM

Re: Can't get Set-Cookie headers after posting to Forms Auth. login page
 
Brilliant. Thanks, Joerg, that worked

Iggy


All times are GMT. The time now is 12:34 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.